Date:      Tue, 16 May 2006 00:04:04 -0500
From:      "Travis H." <solinym@gmail.com>
To:        "Lyndon Nerenberg" <lyndon@orthanc.ca>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: promt solution with max-src-conn-rate
Message-ID:  <d4f1333a0605152204g5761f7ctc929516e36027d1c@mail.gmail.com>
In-Reply-To: <340DFC1B-2620-4997-B495-67FA88F8662F@orthanc.ca>
References:  <44680266.2090007@azimut-tour.ru> <446873D3.7090703@azimut-tour.ru> <55e8a96c0605150907k49af4454t5d0431ea036e11bc@mail.gmail.com> <200605151823.17265.viktor.vasilev@stud.tu-darmstadt.de> <fee88ee40605151617x75001284x54b9f33f89b7c339@mail.gmail.com> <55278.192.168.4.1.1147735542.squirrel@mail.abi01.homeunix.org> <d5992baf0605151829t34fc8a90kec1b7212544f4423@mail.gmail.com> <340DFC1B-2620-4997-B495-67FA88F8662F@orthanc.ca>

I also have plans to write a sniffer to detect this kind of misuse
without log-parsing, and the idea is to implement it at your gateway
choke-point so it can detect it against any inbound connection,
regardless of the ultimate source.  Sorry to mention vaporware, but
I'm pretty close to finishing it -- I have a sniffer that detects
bittorrent traffic behind NAT and sets up rdr rules to support it.

It's also a logical step to do port knocking (a/k/a single packet
authentication) by sniffing the pflog interface and capturing the full
content of blocked packets.  I intend to do that as well.
-- 
"Curiosity killed the cat, but for a while I was a suspect" -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484


